840Dsl 828D OPCUA Config Man 1218 en-US
840Dsl 828D OPCUA Config Man 1218 en-US
840Dsl 828D OPCUA Config Man 1218 en-US
Introduction 1
Safety notes 2
SINUMERIK
Setting up of OPC UA server 3
SINUMERIK 840Dsl/828D
SINUMERIK Access MyMachine / 4
User administration
OPC UA
Functionality 5
Configuration Manual
Diagnostics 6
Technical data 8
Trouble shooting 10
Valid for:
12/2018
6FC5397-1DP41-0BA2
Legal information
Warning notice system
This manual contains notices you have to observe in order to ensure your personal safety, as well as to prevent
damage to property. The notices referring to your personal safety are highlighted in the manual by a safety alert
symbol, notices referring only to property damage have no safety alert symbol. These notices shown below are
graded according to the degree of danger.
DANGER
indicates that death or severe personal injury will result if proper precautions are not taken.
WARNING
indicates that death or severe personal injury may result if proper precautions are not taken.
CAUTION
indicates that minor personal injury can result if proper precautions are not taken.
NOTICE
indicates that property damage can result if proper precautions are not taken.
If more than one degree of danger is present, the warning notice representing the highest degree of danger will be
used. A notice warning of injury to persons with a safety alert symbol may also include a warning relating to property
damage.
Qualified Personnel
The product/system described in this documentation may be operated only by personnel qualified for the specific
task in accordance with the relevant documentation, in particular its warning notices and safety instructions. Qualified
personnel are those who, based on their training and experience, are capable of identifying risks and avoiding
potential hazards when working with these products/systems.
Proper use of Siemens products
Note the following:
WARNING
Siemens products may only be used for the applications described in the catalog and in the relevant technical
documentation. If products and components from other manufacturers are used, these must be recommended or
approved by Siemens. Proper transport, storage, installation, assembly, commissioning, operation and
maintenance are required to ensure that the products operate safely and without any problems. The permissible
ambient conditions must be complied with. The information in the relevant documentation must be observed.
Trademarks
All names identified by ® are registered trademarks of Siemens AG. The remaining trademarks in this publication
may be trademarks whose use by third parties for their own purposes could violate the rights of the owner.
Disclaimer of Liability
We have reviewed the contents of this publication to ensure consistency with the hardware and software described.
Since variance cannot be precluded entirely, we cannot guarantee full consistency. However, the information in
this publication is reviewed regularly and any necessary corrections are included in subsequent editions.
SINUMERIK documentation
The SINUMERIK documentation is organized into the following categories:
● General documentation/catalogs
● User documentation
● Manufacturer/service documentation
Additional information
You can find information on the following topics at the following address (https://
support.industry.siemens.com/cs/document/108464614/):
● Ordering documentation/overview of documentation
● Additional links to download documents
● Using documentation online (find and search in manuals/information)
If you have any questions regarding the technical documentation (e.g. suggestions,
corrections), please send an e-mail to the following address
(mailto:[email protected]).
mySupport/Documentation
At the following address (https://support.industry.siemens.com/My/ww/en/documentation),
you can find information on how to create your own individual documentation based on
Siemens' content, and adapt it for your own machine documentation.
Training
At the following address (http://www.siemens.com/sitrain), you can find information about
SITRAIN (Siemens training on products, systems and solutions for automation and drives).
FAQs
You can find Frequently Asked Questions in the Service&Support pages under Product
Support (https://support.industry.siemens.com/cs/de/en/ps/faq).
SINUMERIK
You can find information about SINUMERIK at the following address (http://www.siemens.com/
sinumerik).
Target group
This document addresses commissioning engineers, machine tool manufacturers, planners
and plant operating companies. The document provides detailed information that
commissioning engineers require to setup the SINUMERIK Access MyMachine / OPC UA
software.
Benefits
The Configuration Manual instructs the target group on how to use/configure the software
correctly.
Standard scope
This documentation describes the functionality of the standard scope. Additions or revisions
made by the machine manufacturer are documented by the machine manufacturer.
Other functions not described in this documentation might be executable in the control system.
This does not, however, represent an obligation to supply such functions with a new control
system or when servicing.
For the sake of simplicity, this documentation does not contain all detailed information about
all types of the product and cannot cover every conceivable case of installation, operation, or
maintenance.
Technical Support
Country-specific telephone numbers for technical support are provided in the Internet at the
following address (https://support.industry.siemens.com/cs/sc/2090/) in the "Contact" area.
Preface.........................................................................................................................................................3
1 Introduction...................................................................................................................................................9
1.1 General description..................................................................................................................9
1.1.1 SINUMERIK OPC UA server...................................................................................................9
1.2 Features.................................................................................................................................10
1.3 System setup.........................................................................................................................11
1.4 Compatibility of OPC UA server version and CNC software versions...................................12
1.5 Reference to OPC UA specification.......................................................................................13
2 Safety notes................................................................................................................................................15
2.1 Fundamental safety instructions............................................................................................15
2.1.1 General safety instructions.....................................................................................................15
2.1.2 Warranty and liability for application examples......................................................................15
2.1.3 Industrial security...................................................................................................................16
2.2 OPC UA security notes..........................................................................................................18
3 Setting up of OPC UA server......................................................................................................................19
3.1 Prerequisites..........................................................................................................................19
3.2 Option OPC UA......................................................................................................................20
3.3 Commissioning.......................................................................................................................21
3.4 Certificate handling................................................................................................................26
3.4.1 Overview................................................................................................................................26
3.4.2 Server certificates..................................................................................................................28
3.4.3 Client certificates....................................................................................................................31
3.4.3.1 Trusted certificates.................................................................................................................31
3.4.3.2 Rejected certificates...............................................................................................................33
3.5 Testing the connection...........................................................................................................35
4 User administration.....................................................................................................................................41
4.1 Overview................................................................................................................................41
4.2 User management..................................................................................................................42
4.3 Rights management...............................................................................................................43
4.4 List of rights............................................................................................................................44
5 Functionality...............................................................................................................................................47
5.1 Overview................................................................................................................................47
5.2 Address space model ............................................................................................................48
5.3 Variable access......................................................................................................................50
1.2 Features
The SINUMERIK OPC UA server provides the possibility to communicate with SINUMERIK
via OPC UA. The following functionalities of the OPC UA specification are supported by the
server:
● Read, write and subscribe to SINUMERIK variables (NC, PLC) (see chapter Variable
access (Page 50))
● Transfer of part programs (see chapter File system (Page 74))
● Support for File and Folder Objects
● Event based provision of SINUMERIK alarms and messages from HMI, NC and PLC (see
chapter Alarms (Page 60))
● Methods for selection of part programs from the NC file system and external memory (see
chapter Select (Page 84)) and methods for tool management (see chapter Tool
management (Page 88))
● Multi language support for the alarm and warning messages.
Security settings
The server provides the possibility to communicate in an unencrypted or encrypted way. The
following options are possible:
● None
● 128 Bit - Sign (Basic128Rsa15)
● 128 Bit - Sign & Encrypt (Basic128Rsa15)
● 256 Bit – Sign (Basic256Sha256)
● 256 Bit - Sign (Basic256)
● 256 Bit – Sign & Encrypt (Basic256Sha256)
● 256 Bit - Sign & Encrypt (Basic256)
NOTICE
Security risk of no or low encryption
During operational process, an encrypted communication must always be used for security
reasons.
Furthermore, the SINUMERIK OPC UA server provides the possibility of user administration,
which allows to assign access rights for each user individually (see chapter User
administration (Page 41)).
See also
Certificate handling (Page 26)
SINUMERIK Accessibility
systems
SINUMERIK After successful licensing and activation the OPC UA server is accessible via the X130 interface.
828D
SINUMERIK The OPC UA server needs SINUMERIK Operate and runs on the same place as SINUMERIK Operate. For
840D sl this reason, system setup depends on whether a Thin Client is used (SINUMERIK Operate runs on NCU)
or a PCU / IPC with Windows operating system.
Thin Client If a Thin Client is used, the OPC UA server is accessible after successful licensing
and activation via X120 and X130 interface of the NCU.
PCU / IPC If a PCU / IPC is used, the OPC UA server is accessible after successful licensing
and activation via "eth1" and "eth2" interface of the PCU / IPC. In this case the OPC UA
server is neither accessible via "eth3" interface of the PCU/IPC nor the X120 or X130
interface of the NCU.
Application scenario
/RFDO 1HWZRUN
&XVWRPHU
DSSOLFDWLRQ23&
8$FOLHQW
3&8,3&
&XVWRPHU
23&8$
DSSOLFDWLRQ23&
VHUYHU
8$FOLHQW
23&8$ 23&8$
23&8$VHUYHU VHUYHU VHUYHU
WARNING
Danger to life if the safety instructions and residual risks are not observed
If the safety instructions and residual risks in the associated hardware documentation are not
observed, accidents involving severe injuries or death can occur.
● Observe the safety instructions given in the hardware documentation.
● Consider the residual risks for the risk evaluation.
WARNING
Malfunctions of the machine as a result of incorrect or changed parameter settings
As a result of incorrect or changed parameterization, machines can malfunction, which in turn
can lead to injuries or death.
● Protect the parameterization (parameter assignments) against unauthorized access.
● Handle possible malfunctions by taking suitable measures, e.g. emergency stop or
emergency off.
Note
Industrial security
Siemens provides products and solutions with industrial security functions that support the
secure operation of plants, systems, machines and networks.
In order to protect plants, systems, machines and networks against cyber threats, it is
necessary to implement – and continuously maintain – a holistic, state-of-the-art industrial
security concept. Siemens’ products and solutions constitute one element of such a concept.
Customers are responsible for preventing unauthorized access to their plants, systems,
machines and networks. Such systems, machines and components should only be connected
to an enterprise network or the Internet if and to the extent such a connection is necessary
and only when appropriate security measures (e.g. firewalls and/or network segmentation) are
in place.
For additional information on industrial security measures that may be implemented, please
visit:
Industrial security (http://www.siemens.com/industrialsecurity)
Siemens’ products and solutions undergo continuous development to make them more secure.
Siemens strongly recommends that product updates are applied as soon as they are available
and that the latest product versions are used. Use of product versions that are no longer
supported, and failure to apply the latest updates may increase customer’s exposure to cyber
threats.
To stay informed about product updates, subscribe to the Siemens Industrial Security RSS
Feed at:
Industrial security (http://www.siemens.com/industrialsecurity)
WARNING
Unsafe operating states resulting from software manipulation
Software manipulations (e.g. viruses, trojans, malware or worms) can cause unsafe operating
states in your system that may lead to death, serious injury, and property damage.
● Keep the software up to date.
● Incorporate the automation and drive components into a holistic, state-of-the-art industrial
security concept for the installation or machine.
● Make sure that you include all installed products into the holistic industrial security concept.
● Protect files stored on exchangeable storage media from malicious software by with
suitable protection measures, e.g. virus scanners.
● Protect the drive against unauthorized changes by activating the "know-how protection"
drive function.
NOTICE
OPC UA provides read/write access on data in SINUMERIK. This access might also affect
security relevant data.
● You can limit this access on SINUMERIK data by individual read and write permission.
Please refer to chapter User administration (Page 41), especially chapter List of rights
(Page 44).
NOTICE
Protection against security risks
To protect industrial plants and systems comprehensively against cyber attacks, measures
must be applied simultaneously at all levels (from the operational level up to the field level,
from access control to copy protection). Therefore, before setting up of the OPC UA server,
apply the "Defense in Depth" protection concept in order to avoid security risks in your
environment.
Ensure that you do not connect the company network to the internet without suitable protective
measures.
You will find further information on the Defense-in-Depth concept, suitable protective
measures and Industrial Security in general in the Configuration Manual Industrial Security
(https://support.industry.siemens.com/cs/de/en/view/108862708).
Prerequisites
● OPC UA server requires SINUMERIK Operate.
● OPC UA server requires an OPC UA license (6FC5800-0AP67-0YBO).
● Make sure that the HMI time is set correctly, since this is a prerequisite for encrypted
communication.
3.3 Commissioning
Note
The certificate needed for secure OPC UA communication is automatically created during the
first run-up. The start date of the validity period of the certificate is set to the current date. The
validity period is 20 years.
If the SINUMERIK system time is subsequently changed, so that it lies outside the validity
period, the secure OPC UA communication does not function (BadCertificateTimeInvalid).
The certfiicate can also be changed manually, as decribed in chapter Certificate handling
(Page 26).
3. Press the "Setup" softkey. The Settings dialog will appear. Then press the "Change"
softkey. Make the necessary settings for connection, authentication and activation.
NOTICE
Security risk due to data manipulation and data sniffing
Anonymous access can be a security risk. Anonymous access should therefore be strictly
limited to commissioning.
● For normal operation authentication via username and password or based on
certificates should be used (see chapter Certificate handling).
NOTICE
Security risk due to data manipulation and data sniffing
If no message encryption to the client is established, there will be a security risk of data
manipulation and data sniffing. It is therefore highly recommended to establish a message
encryption to the client.
● Use the highest possible encryption standard (256 bit) to ensure a secure message
transfer.
Note
Assigning secure passwords
Observe the following rules when creating new passwords:
● When assigning new passwords, ensure that you do not assign passwords that can be
guessed, e.g. simple words, key combinations that can be easily guessed, etc.
● Passwords must always contain a combination of upper-case and lower-case letters as
well as numbers and special characters. Passwords must comprise at least eight
characters. The server does not support passwords comprising less than eight
characters. PINS must comprise an arbitrary sequence of digits.
● Wherever possible and where it is supported by the IT systems, a password must always
have a character sequence as complex as possible.
The German Federal Office for IT Security (BSI) (https://www.bsi.bund.de/SharedDocs/
Downloads/DE/BSI/Grundschutz/International/GSK_15_EL_EN_Draft.pdf?
__blob=publicationFile&v=2) provides additional rules for creating secure passwords.
Programs are available that can help you to manage your passwords. Using these
programs, you can encrypt, save and manage your passwords and secret numbers – and
also create secure passwords.
Note
If you want to change the password later, you can do this via the OPC UA method
"ChangeMyPassword" or in the SINUMERIK Operate screen.
4. Then choose "OK". If you enter a port for the first time, you will receive a safety note.
Note
Port opening on IPC
On first startup of OPC UA server a windows message will appear, asking the user to
confirm the opening of the port.
5. If settings are all done, restart is necessary to activate the new settings. Perform a hardware
restart on the target systems NCU and PPU. A restart of the SINUMERIK Operate is
necessary on the PCU 50/IPC.
3.4.1 Overview
To establish a secure connection between an OPC UA server and a client it is necessary to
exchange and trust the certificate of the other communication partner. The exchange is
normally done automatically at the first connection attempt between client and server.
Nevertheless there is also the possibility to exchange the certificates manually before the other
communication partner is available, e. g for preparing an easy commissioning.
For trusting the certificates there are two possibilities within the server:
● Automatic trusting of new certificates
If "Accept certificates automatically" is activated in the commissioning dialog, new client
certificates are trusted automatically and there is no manual interaction necessary to
establish a secure connection.
This is the most comfortable option, but less secure than the manual trusting, since all
certificates will be trusted.
● Manual trusting of certificates (recommended)
If "Accept certificates automatically" is deactivated in the commissioning dialog the
certificates must be trusted manually to establish a secure connection.
This allows the administrator of the OPC UA server to manually decide, which client can
establish a secure connection to the OPC UA server
To have a comfortable way to handle certificates, the OPC UA dialog offers a certificate section,
which can be found under the softkey "Certificates".
Operations
The Certificate dialog allows the following operations:
● Server certificate
– Renewal of the server certificate
– Export of the current server certificate
● Client certificates
– List of the current trusted certificates
– List of the rejected client certificates
– Manual import of a client certificate
– Deletion of a client certificate
– Trust a rejected client certificate
Overview
① The name of the OPC UA server certificate is shown in the upper part of the screen.
② You can renew the server certificates.
③ You can export the server certificate to a configured device.
④ You can leave the OPC UA dialogs.
⑤ The details of the server certificate are shown in the lower part of the screen. You can scroll
down to see further certificate attributes.
Figure 3-5 Server Certificate
● Decision if IP address and/or host name should be mentioned in the server certificate
Note
Many clients will need the IP address in the certificate for validation. If the server will be
addressed by hostname (e. g. because the IP address of the OPC UA server changes
frequently due to a dynamic assignment by a DHCP server), it is recommended only to
include the host name in the certificate. Because otherwise the certificate must be renewed
and exchanged with every change of the IP address.
Pressing the softkey "Cancel" will ignore all input and return to the "Server" dialog.
Pressing the softkey "Ok" will save the input to the system, the currently valid certificate
will be deleted and with the next start of SINUMERIK Operate the new certificate gets
created.
Overview
① The trusted certificates are listed in the upper part of the screen. You can select a certificate
using the arrow keys (cursor up/ cursor down).
② You can delete the trusted certificates.
③ You can import a certificate from an USB device.
④ You can leave the OPC UA dialogs.
⑤ The certificate details are shown in the lower part of the screen. To set the focus on the lower
part of the screen the softkey "next window" on the keyboard is used.
Figure 3-7 Trusted Certificate
Pressing the softkey "Cancel" will do no action and return to "Trusted" dialog.
Pressing the softkey "Ok" will delete the selected certificate.
Note
After the deletion of the client certificate a connection with OPC UA server can no longer
be established by the client of the corresponding certificate.
Importing certificates
To prepare a connection a client certificate can be imported before actually establishing a
connection. With the import the certificate is automatically trusted.
1. Press the softkey "Import".
A pop up screen will appear showing the USB device to import from. You can navigate to
a location on the USB device to import a certificate to a trusted folder.
Pressing the softkey "Cancel" will ignore all input and return to the "Trusted" dialog.
Pressing the softkey "Ok" will import the certificate.
Note
Keep in mind, that only certificates with the file extension "*.der" are accepted.
Note
To use a certificate for authentication it is necessary to create a user with the method
"AddCertificateUser" first.
Overview
① The rejected certificates are listed in the upper part of the screen. You can select a certificate
using the arrow keys (cursor up/ cursor down).
② You can delete the selected certificate.
③ You can trust the selected certificate.
④ You can leave the OPC UA dialogs.
⑤ The certificate details are shown in the lower part of the screen. To set the focus on the lower
part of the screen the softkey "next window" on the keyboard is used.
Figure 3-9 Rejected Certificate
Pressing the softkey "Cancel" will do no action and return to the previous dialog.
Pressing the softkey "Ok" will delete the selected certificate.
Requirement
To test the connection, you can use the "Sample Applications" of the OPC Foundation (https://
opcfoundation.org/developer-tools/specifications-unified-architecture/opc-unified-
architecture-for-cnc-systems/) under "Developer Tools/Developer Kits/Unified Architecture". It
is necessary to register with the OPC Foundation for this.
Note
There are two ways to establish the connection:
● Connection without security
● Connection with the security policy "Basic128Rsa15" respectively "Basic256" and the
security mode "SignAndEncrypt"
SIEMENS always recommends setting up a connection with security, as only in this way the
confidentiality of the data transmitted can be ensured.
Installation
The "Sample Applications" additionally install a service with the name "OPC UA Local
Discovery Server". If you want to locally test the OPC UA connection, i.e. an installation directly
on the PCU 50/IPC, you must deactivate this service.
Note
If the service "OPC UA Local Discovery Server" is active, the OPC UA server cannot be started
correctly, because it blocks the needed TCP port 4840.
This service has no influence if the "Sample Applications" are installed on a PC in the network.
Deactivation is then not necessary.
Figure 3-12 Deactivating the "OPC UA Local Discovery Server" service on PCU 50/IPC
Procedure
1. Start the OPC UA "Sample client".
4. The SINUMERIK OPC UA server appears in the list. Select the server and confirm with
"OK".
7. Confirm the prompt asking if you want to trust the transferred certificate with "Yes".
The connection to the SINUMERIK OPC UA server is now established and the available
address space is displayed.
8. Now navigate to a nodeID (e.g. R-parameter at Sinumerik > Channel > Parameter > R) and
right click the corresponding entry. You can now test various functions:
Figure 3-19 NodeID "Sinumerik > Channel > Parameter > R"
– The attributes of a NodeID can be queried via the entry "View Attributes". One of these
attributes is the "Value", which provides the corresponding value of R1.
NOTICE
Misuse of rights
As an administrator you are fully responsible for the administration of users and their rights.
Any error in the administration process can lead to the misuse of rights.
Note
Anonymous connection
You can also establish an anonymous connection during commissioning, if this setting is active,
but the methods will not be available (feedback: "BadRequestNotAllowed").
Note
Anonymous user
Anonymous users don't have any access (Read/Write) rights after installation. As an
administrator you have to set these rights explicitly.
Note
Administrator has only read rights
Note that the administrator has only read rights per default. Other rights need to be set explicitly.
Note
You can only add/remove users/rights if you are connected as administrator. If you call the
methods with a different user, you will receive the message "BadInvalidArgument".
Method Description
AddUser Creates a new user for accessing OPC UA.
Input arguments:
UserName User Name
Initially, the password of the new user is the user name. It should then be changed using the
method "ChangeMyPassword".
AddCertificateUser Creates a new user for accessing OPC UA via certificate authentication.
Input arguments:
UserName user, certificate is issued to
CertficateData Certificate(.der) as byte string
DeleteUser Deletes a user who was added previously using the method "AddUser" and "AddCertificateUs‐
er".
Input arguments:
UserName User Name
The administrator user, created when OPC UA was set up, cannot be deleted.
GetUserList The administrator can read the list of all users.
Input arguments:
- List of users
ChangeMyPassword Changes the password for the connected user.
Input arguments:
OldPwd Current password
NewPwd1 New password
NewPwd2 New password (security prompt)
Important!
Whereas the methods "AddUser", "DeleteUser", "GiveUserAccess" and "DeleteUserAccess"
can only be called up if the user is connected as the administrator, the user must connect as
the corresponding user in order to change the password.
Method Description
GetMyAccessRights The currently connected user can read his rights.
Input Arguments:
- Rights
GetUserAccessRights The administrator can read the rights of another user.
Input Arguments:
User name Rights
DeleteUserAccess Deletes the specified access rights for a user.
Input Arguments:
User A user whose rights are to be deleted
Realm The access rights to be deleted as a
string.
If a user wants to delete several rights,
they must be separated by a semico‐
lon.
For all possible realm strings, see chapter List of rights (Page 44).
Example:
DeleteUserAccess("John","PlcReadDB100")
Admin wants to delete read rights of user "John" for PLC data block DB100.
Method Description
GiveUserAccess Sets the specified access rights for a user. The rights below can be combined in any combi‐
nation.
Input Arguments:
User User name which is to given the rights
Realm The access rights to be set as a string.
If a user wants to set several rights, they must
be separated by a semicolon.
Some possible realm strings are:
"StateRead" Status data - NC, channel, axis, read access
"StateWrite" Status data - NC, channel, axis, write access
"FrameRead" Zero offsets, read access
"FrameWrite" Zero offsets, write access
"SeaRead" Setting data, read access
"SeaWrite" Setting data, write access
"TeaRead" Machine data, read access
"TeaWrite" Machine data, write access
"ToolRead" Tool and magazine data, read access
"ToolWrite" Tool and magazine data, write access, Tool
management methods
"DriveRead" Drive data, read access
"DriveWrite" Drive data, write access
"GudRead" User data, read access
"GudWrite" User data, write access
"FsRead" File system, read access
"FsWrite" File system, write access
"PlcRead" PLC, read access
"PlcWrite" PLC, write access
"AlarmRead" Allows to subscribe to alarms
"RandomRead" Random, read access
"RandomWrite" Random, write access
"SinuReadAll" All of the read access operations mentioned
"SinuWriteAll" All of the write access operations mentioned
"ApWrite" Allows to call method "Select"
"PlcReadDBx" PLC DB read access (x indicates the DB num‐
ber)
"PlcWriteDBx" PLC DB write access (x indicates the DB num‐
ber)
Examples:
● GiveUserAccess ("MyUser", "GudRead; PlcWrite")
Sets the read access for user data for the "MyUser" user and sets the write access for the
PLC.
● GiveUserAccess ("John","PlcReadDB100")
Admin gives read rights to user "John" for PLC data block DB100.
Overview
The OPC UA server provides the possibility to communicate with SINUMERIK via OPC UA.
The following functionalities of the OPC UA specification are supported by the server:
● Data Access:
Read, write and subscribe to SINUMERIK variables (NC, PLC)
● Alarms & Conditions:
Event based provision of SINUMERIK alarms and messages from HMI, NC and PLC
● Methods:
User management, file transfer, tool management and program selection
This chapter describes the address space of the OPC UA server and gives further information
how to address some SINUMERIK specific values. Especially since a lot of SINUMERIK values
are stored in arrays or matrices.
Furthermore you can find description on the SINUMERIK alarm object and how to get the
alarms from the server.
At the end of this chapter explanation on how users can transfer files from or to the server
using the SINUMERIK file system.
Note
You have to pay attention to the correct upper-case and lower-case of the "nodeID". The
respective identifier of the "nodeID" provides information on the correct notation.
Variable access
The variable paths for NC access are stored in the address space of the SINUMERIK Operate
OPC UA server.
You can obtain additional information from the List Manual for 840D sl and 828D "NC variables
and interface signals" (https://support.industry.siemens.com/cs/de/de/view/109748365/en).
The displayed NC variables always represent only the first parameter of the corresponding
NC data area (channel, TO area, mode group).
Example
Syntax of the R parameter is as follows: R[Channel,Parameter]
The R parameters are found under the identifier "/Channel/Parameter/R", which is eventually
mapped to "/Channel/Parameter/R[u1, 1]". If you want to access other parameters, you must
correspondingly extend the identifier, for example "/Channel/Parameter/R[u2, 56]".
Note
Please keep in mind that with array access only max 149 parameters are allowed in one access
operation (for example /Channel/Parameter/R[u1, 1, #149]).
ARRAY[0] → /NC/_N_NC_GD3_ACX/ARRAY[1]
ARRAY[1] → /NC/_N_NC_GD3_ACX/ARRAY[2]
ABC[0,0] → /NC/_N_CH_GD3_ACX/ABC[u1, 1]
ABC[0.1] → /NC/_N_CH_GD3_ACX/ABC[u1, 2]
ABC[0.2] → /NC/_N_CH_GD3_ACX/ABC[u1, 3]
ABC[1.0] → /NC/_N_CH_GD3_ACX/ABC[u1, 4]
ABC[1.1] → /NC/_N_CH_GD3_ACX/ABC[u1, 5]
ABC[1.2] → /NC/_N_CH_GD3_ACX/ABC[u1, 6]
ABC[2.0] → /NC/_N_CH_GD3_ACX/ABC[u1, 7]
ABC[2.1] → /NC/_N_CH_GD3_ACX/ABC[u1, 8]
ABC[2.2] → /NC/_N_CH_GD3_ACX/ABC[u1, 9]
Example
Syntax of the PLC variable is as follows: "/Plc/MB"
This variable must be extended by the appropriate byte number, e.g. to "/Plc/MB6".
Note
On SINUMERIK 828D, you can only access the freely definable customer data blocks from
DB9000.
Access formats
The various access formats are shown in the following table. They need to be prefixed with "/
Plc/".
Note
The data type is converted during access with the OPC UA data access interface. Refer to the
following table for the data type conversions.
Note
● Timers can only be read. A timer is active if it contains a value other than 0.
● If the data type CHAR or STRING is used in conjunction with a byte access, UTF8
characters are read, but if either data type is used in conjunction with a word access, UTF16
characters are read.
● Variables of the STRING type contain the maximum length in the first byte and the actual
length in the second byte. When strings are written, the actual length is adapted accordingly.
The maximum length is not changed.
● For the STRING data type in conjunction with a byte access (e.g. "/Plc/
DB99.DBB0:STRING"), the maximum string length is 255 characters. As a result of the
UTF8 formatting, for some characters (e.g. for the "µ"), two bytes are required so that the
maximum string length is correspondingly reduced.
● Only one-dimensional arrays are supported.
5.3.5 Variable paths for 1:N configuration (only target system PCU)
By default, data is accessed on the NCU which is being viewed by SINUMERIK Operate.
Switching to a different NCU in the SINUMERIK Operate results in a situation where the OPC
UA server is also looking at the value of the now active NCU.
If the access is to be to a specific NCU, the NodeId must be expanded with a prefix:
Note
The NCU names are listed in the "MMC.ini" file.
Entry:
[GLOBAL]
NcddeMachineNames=NCU1,NCU2
Example 2: Finding an OPC UA variable occurring in different folders in the variable documentation
You want to find the variable "cuttEdgeParam" which occurs in the folder "/Channel/
Compensation" and "/Tool/Compensation".
1. At the beginning of each chapter for variable sections, you find the information "OEM-MMC:
LinkItem" specifying "/ToolCompensation/“.
2. Refer to the document and search for "ChannelCompensation" and then navigate manually
to the requested parameter "cuttEdgeParam".
2. Therefore you will find the variable "cuttEdgeParam" in the OPC UA Browse Tree in the
folder "Tool", subfolder "Compensation".
Publish interval
Clients define MonitoredItems to subscribe to data and Events. Each MonitoredItem identifies
the item to be monitored and the Subscription to use to send Notifications. The item to be
monitored may be any Node Attribute.
Notifications are data structures that describe the occurrence of data changes and Events.
They are packaged into NotificationMessages for transfer to the Client. The Subscription
periodically sends NotificationMessages at a user-specified publishing interval, and the cycle
during which these messages are sent is called a publishing cycle." (see OPC UA Part 4 -
Services 1.03 Specification.pdf (https://opcfoundation.org/))
Sampling interval
Each MonitoredItem created by the Client is assigned a sampling interval that is either inherited
from the publishing interval of the Subscription or that is defined specifically to override that
rate. [...] The sampling interval indicates the fastest rate at which the server should sample its
underlying source for data changes. (see OPC UA Part 4 - Services 1.03 Specification.pdf
(https://opcfoundation.org/))
See also
Technical data (Page 107)
5.4 Alarms
5.4.1 Overview
Any OPC UA client supporting Alarms & Conditions connected to the OPC UA server can
subscribe to alarms to get the notifications of alarms.
All OPC UA Clients that have subscribed for SINUMERIK alarms will be provided with an alarm
as soon as it becomes active. Also if the alarm becomes inactive, the status of the
corresponding alarm/s will be updated automatically.
Alarms and Conditions support subscription of all the pending and active alarms of the
SINUMERIK system. Part program messages are not supported as part of Alarms and
Conditions, but can be received using data access. The OPC UA Server provides all alarms
that will be provided by the SINUMERIK AlarmService:
● HMI alarms
● NCK alarms including drive alarms
● Diagnostic buffer alarms
● PLC alarms (FC10)
● Alarm_S(Q) alarms (SFC17/18, PDiag, HiGraph, S7-Graph) with results of criteria analysis.
Multi language support for the alarms and warnings messages are supported and the required
alarm language can be selected during session creation in OPC UA Client. If the desired
language is not supported in the operate, the default English language is supported.
The SINUMERIK Alarm object is of the "CNCAlarmType" which is defined in the Companion
Specification "OPC UA Information Model for CNC Systems (http://opcfoundation.org/UA/
CNC/)".
Subscribe to alarms
The SINUMERIK Alarm Event object is connected to the SINUMERIK node. To receive the
alarms, an event subscription must be placed at the SINUMERIK node. The following example
describes how to receive the alarms using the OPC UA Foundation Client:
1. Open the "Quickstart Alarm Condition Client".
2. Click "Conditions > Set Area Filter…". The "Select Area" window appears.
3. Select "Sinumerik".
4. Click "OK".
The alarms will be displayed on the screen.
Unsubscribe to alarms
1. Click "Conditions > Set Area Filter…". The "Select Area" window appears.
2. Right click on "Sinumerik" and select "Remove Monitored Item" to unsubscribe the server
from the Quickstart Alarm Condition Client.
5.4.4.1 Description
Every variable or object in the address space of an OPC UA server is called a node. Every
node has a server unique node id, its symbolic name, addressing information inside the
address model and some other attributes.
Events are by themselves not visible as nodes in the address space. They can only be received
via objects. Not all objects can signal events. Whether an object can signal events is specified
at the object by the EventNotifier attribute. Only objects where this attribute has been set can
be specified in the Event Monitored Item and received in Clients Events.
The Server Object serves as root notifier, that is, its EventNotifier Attribute shall be set providing
Events. However Server object will not be allowed to subscribe for the Events. Only the
"Sinumerik" Object node is accessible and can subscribe to the events.
Access to alarms
User access right is required to subscribe the Events of the Sinumerik object. User access
right with access permission has to be set to “SinuReadAll“ or “AlarmRead“.The access right
is provided using Method Call “GiveUserAccess” as shown below.
If the client does not have the access with “SinuReadAll “or “AlarmRead” and user tries to
subscribe to the Events, server will return error code with “BadUserAccessDenied”.
Event types
The SINUMERIK Alarm object is of the “CNCAlarmType” which is defined in the Companion
Specification “OPC UA Information Model for CNC Systems (http://opcfoundation.org/UA/
CNC/)”.
The root of the derivation hierarchy is the BaseEventType. The types for Alarms and Conditions
are available below the ConditionType. The Application-specific event types such as
CncAlarmType can be derived. The CncAlarmType extends the DiscreteAlarmType.
An alarm is composed of various nested or parallel state machines. Monitoring can generally
be enabled or disabled. If monitoring is enabled, the alarm can be active or otherwise inactive.
Acknowledgment, confirm and comments of alarms is currently not supported.
The basic type for all condition objects is the condition type. It is derived from BaseEventType.
All mechanisms for alarm processing work even without the condition objects are contained
in the address space.
If a condition object changes one or several states, the server sends an event with the
requested event fields to the client. So only the alarms, where a status change happens after
the connection is established, will be sent. To receive all currently active alarms the refresh
method can be used.
CncAlarmType
The CncAlarmType, which is specified in the Companion Specification “OPC UA Information
Model for CNC Systems” is derived from the DiscreteAlarmType, which is defined by the OPC
Foundation.
%DVH23&8$
%DVH(YHQW7\SH &RQGLWLRQ7\SH $FNQRZOHGJHDEOH ,QIRUPDWLRQ0RGHO
&RQGLWLRQ7\SH
'LVFUHWH$ODUP $ODUP&RQGLWLRQ
7\SH 7\SH
&QF$ODUP7\SH
$ODUP,GHQWLILHU
$X[3DUDPHWHUV
+HOS6RXUFH
23&8$,QIRUPDWLRQPRGHO
IRU&1&6\VWHPV
Attributes of BaseEventType
Severity of Alarms
SINUMERIK systems use three severity levels (e.g. Information, Warning and Error). The table
below shows the values at SINUMERIK system and its mapping in OPC UA server/client:
The "LocaleId" is a simple data type that is specified as a string that is composed of a language
component and a country/region component as specified by IEEE 754-1985 (http://
standards.ieee.org/findstds/interps/index.html), IEEE Standard for Binary Floating-Point
Arithmetic. The <country/region> component is always preceded by a hyphen.
Note
In the list of languages that are mentioned, not every language is supported always.
In the above list “OPC UA Specific LocaleId” is used by the OPCU UA client to connect with
the server.
User interface
The figure and table below describes the user interface of the UaExpert client example with
which the information of the namespace of an OPC UA server can be conveniently accessed.
Figure 5-10 OPC UA multi-language alarms and conditions client using OpcUa foundation .Net
Client
5.5.1 Overview
SINUMERIK OPC UA supports the standard OPC UA file and folder objects, which allows
transfer of files as well as the manipulation of the file systems.
Furthermore, the server offers 2 comfort methods to copy NC part programs from the OPC UA
client to the OPC UA server and vice versa. Due to the nature of the method this comfort
methods are limited to a file size of 16 MB. For bigger files please use the file and folder objects
as described in chapter File transfer exceeding 16 MB between client and server (Page 79).
Operations
This allows an OPC UA client to use the following operations within the part of the SINUMERIK
file system:
1. Create files/directories
2. Copy files/directories
3. Moving files/directories
4. Deleting files/directories
5. Renaming files/directories
File system
The standard OPC UA file system is placed in the SINUMERIK folder and the file structure of
the NCU is as shown below:
1. Part Programs
2. Sub Programs
3. Work Pieces
4. NCExtend (External CF Card/internal CF Card)
Note
For 840D sl
For NCU, external CF Card/internal CF Card is supported.
For IPC/PCU, SSD/Harddisk is supported.
5. ExtendedDrives (USB/Networkshare)
Note
The ExtendedDrives folder will only be displayed if there are external drives available.
Please keep in mind that a licence my be required to use these external drive.
Note
NCExtend and ExternalDrives option is supported for SINUMERIK Operate version 4.7 or later.
5.5.2 Prerequisites
The OPC UA server allows the OPC UA client to support the transfer of files between the client
and the server.
As a user, you will require user access rights to access these files from the server. The access
rights are provided using the "GiveUserAccess" method. The following access rights can be
provided for the file system (also see chapter List of rights (Page 44)):
● FsRead for the standard file system methods like Open, GetPosition, Read as well as the
CopyFileFromServer method.
● FsWrite for the standard file system methods like CreateDirecotry, CreateFile, Delete,
MoveOrCopy, Write, SetPosition, Close as well as the CopyFileToServer method.
Folder methods
The folders, "Part Programs", "Sub Programs", "Work Pieces", "NCExtend", and
"ExtendedDrives" are of the "FolderType", which contain the following methods:
Method/Attribute Description
CreateDirectory To create new folders under parent folder.
CreateFile To create new file under parent folder.
Delete To delete folder and file under parent folder.
MoveOrCopy To copy or move files from source to destination
within server filesystem.
You can create, delete, move or copy folders and files using the above methods. When you
create a new folder using "CreateDirectory"’, a new node will be created with "FolderType"
and name provided by the user in OPC UA client. This folder contains all methods and attributes
specified in above table.
The node in the address space, under which the "CreateDirectory" method is called, is the
"parent" node of the new folder node.
The folder methods exist under all folder type objects in the file system. Please note that you
must always call the method under the direct parent node of the file or folder.
For the methods "Delete" and "MoveOrCopy" you must always provide the full identifier of the
node to be moved, copied or deleted.
Whenever you create a new file using the method "CreateFile", a new node will be created
with "FileType" with a user provided name. This file again contains all methods and attributes
specified in the table above. The node in address space, under which the "CreateFile" method
is called, is the "parent" node of the new file node. For specific information for the described
methods, check the Typedefinition in the OPC UA Specification Part 5.
File methods
All files which are in the above mentioned folders will be of the "FileType" type and consist of
the following methods and properties:
Method/Attribute Description
Open Opens the file either in read/write mode.
Read Reads contents of the file.
Write Writes data to the file. (if write permission is avail‐
able)
Close Closes the file. (succeeds if file is open)
GetPosition Gets the position of current position of file pointer
while file read/write operation.
SetPosition Sets the position of current position of file pointer
while file read/write operation.
OpenCount Gives the number of file open instances.
Size Gives the file size details.
UserWritable Set to true if current user has access to modify the
content of the file.
Writable Set to false if the file is read only.
Whenever you create a new file using the method "CreateFile", a new node will be created
with "FileType" type with a user provided name. This file again contains all methods and
attributes specified in the table above. The node in address space, under which the
"CreateFile" method is called, is the "parent" node of the new file node. For specific information
for the described methods, check the type definition in the OPC UA Specification Part 5 Annex
C.
Note
No multiple extensions supported
The methods "CreateFile","CopyFileToServer", "CopyFileFromServer" and "MoveOrCopy" will
not support files with multiple extensions (i.e. test.mpf.mpf).
How can a file transfer be implemented in a client using the file and folder object methods?
The basic idea is to open a file and copy the content from location A to B and then close the
file.
Therefore to copy a file from the SINUMERIK to an OPC UA client the client needs to do the
following:
● Open the file on the SINUMERIK via the Open method,
● then pass the received handle to the Read method and operate on arrays of bytes,
● then close the file via the Close method.
For the other direction, the file has to be created on the SINUMERIK file system first, using
the Create method.
2SHQPRGH
ILOH+DQGOH
WHVWPSI
ILOH+DQGOH
5HDGILOH+DQGOHOHQJWKGDWD
)LUVW1GDWD
1!LWFDQGLIIHU
'DWD GHSHQGLQJRQWKHFOLHQW
VHWWLQJV
5HDGILOH+DQGOHOHQJWKGDWD
'DWD 1H[W1GDWD
WHVWPSI
'DWD
5HDGILOH+DQGOHOHQJWKGDWD
,IWKH%\WH6WULQJLV
HPSW\LWLQGLFDWHVWKDW
WKHHQGRIWKHILOHLV
'DWD UHDFKHG
&ORVHILOH+DQGOH
Figure 5-14 File transfer from server to client using standard file system methods
2SHQPRGH
ILOH+DQGOH
ILOH+DQGOH
:ULWHILOH+DQGOHOHQJWKGDWD
WHVWPSI 'DWD
1H[W1%\WHGDWD
:ULWHILOH+DQGOHOHQJWKGDWD
/DVW1%\WHGDWD
'DWDZULWWHQWRILOH
&ORVHILOH+DQGOH
WHVWPSI
7KHVHVVLRQLVHQGHG
ZLWKRXWFDOOLQJWKH&ORVH
PHWKRG
'DWDZLOOEHORVW
Figure 5-15 File transfer to server from client using standard file system methods
Note
With these methods, you will be able to transfer maximum of 16 MB by default, depending on
the client settings. As the maximum ByteString and message size depends on the server and
client-side stack limit. For file transfer more than 16 MB, it is recommended to use OPC UA
standard file transfer methods.
2. CopyFileToServer:
– Allows copying a client file to a specified SINUMERIK NC memory location.
– The user shall select the file to be transferred and specify the location on server.
For example:
The complete path of the files can be provided as below:
● Sinumerik/FileSystem/Part Program/partprg.mpf
● Sinumerik/FileSystem/Sub Program/subprg.spf
● Sinumerik/FileSystem/Work Pieces/wrkprg.wpf
● Sinumerik/FileSystem/NCExtend/Program.mpf
● Sinumerik/FileSystem/ExtendedDrives/USBdrive/Q3.mpf
5.6 Select
5.6.1 Overview
The "Select" method is provided under "Methods > Filehandling" in the address space, which
allows the selecting of a part program from the NC file system. You can call this method and
select the file to be executed by providing the node identifier of the file in address space and
the channel number.
By calling this method, you can only select the program for execution and not start the execution
of the program itself.
5.6.2 Description
You are allowed to select the part program file for execution from the NC file system and
external memory, which includes "local drive", "USB" and "network share". As part of the file
system feature, the NC file system is exposed in the OPC UA address space.
There are two input values to be provided to call the "Select" method.
● Node identifier of the file to be selected for execution.
● Channel number.
Each part program file on the file system is associated with a node identifier in the OPC UA
address space and is provided as the input. Only one part program can be selected for a
channel. An error will be displayed otherwise.
Status code is an output parameter which indicates the error code in case of failures.
Argument Description
SourceFileNodeId Represents the node identifier of the file with absolute path
(which is selected for execution).
Channel Number A number which represents the channel to be used while pro‐
gram execution.
Prerequisites
● Channel to be used during program execution must be in the state "Reset".
● User with "ApWrite" access right can call "Select" method. If the user does not have the
access "ApWrite" and tries to call "Select" method, it fails and server will return with OpcUa
status "BadUserAccessDenied".
Note
The access right for the user is provided using the "GiveUserAccess" method.
Note
No file restriction
Notice that a file with any extension is allowed to be selected through OPC UA "Select" method.
OPC UA does not restrict selecting files with any file extension.
Joblists cannot be selected.
OPC UA Status
The following table gives details on values and description of the OPC UA method call status:
Result Description
Succeeded Method is executed with success/failure.
OpcUa_BadInvalidArgument Invalid inputs are provided.
OpcUa_BadUserAccessDenied User does not have permission to invoke the method.
Procedure
1. Look for the NodeID of the particular part program you want to select (for example
"NC_PROG1.MPF").
2. Navigate in the "File System" node until you reach the particular file.
3. Specify the NodeID and the channel number in the call of the method.
5.7.1 Description
The OPC UA server supports the creation and deletion of tools and cutting edges. The methods
for this operation can be found under "Sinumerik > Methods > ToolManagement" folder.
Following are the four methods present in "ToolManagement" folder:
● CreateTool
● DeleteTool
● CreateCuttingEdge
● DeleteCuttingEdge
Example calls
For example calls of the provided methods, please refer to the shown screenshots of
OpcFoundation Client.
Prerequisites
User with "ToolWrite" access right can call "ToolManagement" methods. If the user does not
have the access "ToolWrite" and tries to call "ToolManagement" methods, it fails and server
will return with OpcUa status "BadUserAccessDenied".
Note
The access right for the user is provided using the "GiveUserAccess" method.
5.7.2 CreateTool
The "CreateTool" method is used to create a new tool with a special T-number in Tool List
section of the SINUMERIK, and appears under the folder “Methods/ToolManagement”. The
CreateTool method does not contain the settings of tool parameters. The tool parameters e.g.:
tool type, cutting edge date etc. are set via data access functions.
The CreateTool method has two input parameters and one output parameter.
Signature:
CreateTool(
[in] string ToolArea
[in] string ToolNumber
[out] Uint32 StatusCode
)
The following table will give details about the parameters of the method:
The method returns a value which indicates whether the creation was successful or not. If the
creation was not successful the return value will give information about the reason of the failure.
Status code
The status code is the result of the requested action which is a number as shown in the table
below:
Result Description
Succeeded Method executed with success/failure reason.
BadInvalidArgument Arguments provided are not correct.
BadUserAccessDenied "ToolWrite" access is not provided.
5.7.3 DeleteTool
The "DeleteTool" method is used to delete an existing tool in Tool List section of the
SINUMERIK, and appears under the folder “Methods/ToolManagement”.
The method deletes the tool with all cutting edges in all data blocks where it is saved.
DeleteTool(
[in] string ToolArea
[in] string ToolNumber
The following table will give details about the Parameters of the method:
The method returns a value which indicates whether the delete was successful or not. If the
delete was not successful the return value will give information about the reason of the failure.
Status code
If the deletion of the tool was not successful the return value will give information about the
reason of the failure which are explained in the table below.
StatusCode Description
0 OK.
1 Tool area does not exist.
2 Tool number out of range.(Reason wrong param‐
eter)
3 Tool does not exist.
6 Tool active.(Reason tool in use)
Result Description
Succeeded Method executed with success/failure reason.
BadInvalidArgument Arguments provided are not correct.
BadUserAccessDenied "ToolWrite" access is not provided.
5.7.4 CreateCuttingEdge
The "CreateCutting Edge" method is used to create a new cutting edge of an existing tool in
“Tool List” section of the SINUMERIK. The next superior free D number will be created.
The ”CreateCuttingEdge” method appears under the folder “Methods/ToolManagement”. This
method does not contain the settings of cutting edge parameters.
The CreateCuttingEdge method has two inputs and two output parameters.
Signature:
CreateCuttingEdge(
[in] string ToolArea
[in] string ToolNumber
[out] Uint32 DNumber
[out] Uint32 StatusCode
)
The following table will give details about the parameters of the method:
The method returns a value which indicates whether the creation was successful or not. If the
creation was successful the DNumber under which the new cutting edge was created will be
returned. If the creation was not successful the return value will give information about the
reason of the failure.
Status code
The status code is the result of the requested action and is represented by a number, as shown
in the table below:
Result Description
Succeeded Method executed with success/failure reason.
BadInvalidArgument Arguments provided are not correct.
BadUserAccessDenied "ToolWrite" access is not provided.
5.7.5 DeleteCuttingEdge
The "DeleteCuttingEdge" is used to delete a cutting edge of an existing tool in "Tool List"
section of the SINUMERIK. This method appears under the folder "Methods/
ToolManagement".
The DeleteCuttingEdge method has three input and one output parameters.
Signature:
DeleteCuttingEdge(
[in] string ToolArea
[in] string ToolNumber
[in] string CuttingEdgeNumber
[out] Uint32 StatusCode
Following table will give details about the Parameters of the method:
The method should return a value which indicates whether the delete was successful or not.
If the delete was not successful the return value should give information about the reason of
the failure.
Status code
The status code is the result of the requested action which is a number as shown in the table
below:
Result Description
Succeeded Method executed with success/failure reason.
BadInvalidArgument Arguments provided are not correct.
BadUserAccessDenied "ToolWrite" access is not provided.
Overview
The OPC UA server offers a variety of diagnostics information, as described in the OPC UA
Standard Part 5 - "Information Model", Chapter 6.
This diagnostics information can be found under the Server Node:
Requirement
Note
To show the correct status of OPC UA server you must have at least one type of message
encryption (128 bit or 256 bit) enabled.
Diagnostics screen
Additional to the server diagnostic information available via OPC UA, there is a SINUMERIK
Operate screen, which shows the actual status of the OPC UA server.
To open the diagnostics screen, select the operating area "Startup > Network" in
SINUMERIK Operate, then press the "OPC UA" softkey. The OPC UA status screen is the
first screen to be displayed.
Compatibility
This version of OPC UA server is supported by SINUMERIK 840D sl and SINUMERIK 828D.
An update process is possible with the following SINUMERIK software versions:
● Software line 4.5: with versions ≥ V4.5 SP4.
● Software line 4.7: with versions ≥ V4.7 SP2.
● Software line 4.8: with versions ≥ V4.8 SP1.
7.2 Compatibility
Compatibility
Below are the compatibility issues of OPC UA:
● Password
The Password length has changed to min. 8 characters.
● User rights
– The behavior in setting “SinuReadAll” and “SinuWriteAll” is different from previous
versions.
– Different from previous version is that removing the right “SinuReadAll” will remove all
read rights. In previous versions additionally added read rights have not been deleted
with removing “SinuReadAll”.
Same applies to “SinuWriteAll”.
Note
If you face any other compatibility issues or for further details, refer to hotline (https://
support.industry.siemens.com/cs/sc/2090/).
See also
Update of OPC UA server (Page 111)
Note
If OPC UA was active before the installation, users and rights are being preserved.
Note
Different installation procedure for 828D / V4.5
Please not that the server update procedure for 828D with CNC software version V4.5 varies
from the standard process below (see chapterUpdate of OPC UA server (Page 111)).
Note
If OPC UA was active before the installation, users and rights are being preserved.
Description Value
Number of sessions 1)
828D 5
840 D sl 10
Number of subscriptions 2)
828D 5
840D sl 10
Maximum samples / second 828D 500 1/s
840D sl 1000 1/s
Min. sampling interval 100 ms
Sampling intervals {100, 250, 500, 1000, 2500, 5000} ms
Min. publishing interval 100 ms
Publishing intervals {100, 250, 500, 1000, 2500, 5000} ms
Max. number of users 20
Max. lifetime interval (LifeTime Count) 3600000 s
Session timeout 60 s
Max. monitored items queue size (Subscription 10000
Queue size)
2. Press the softkey ">". The second operating area will appear.
3. Press the softkey "OPC UA". The settings dialog will appear.
Note
The operating of the settings dialog is explained in chapter Commissioning (Page 21).
Prerequisite
A .tgz file (e. g.: hmi_sl_opcua_02.02.00.00.007.tgz) is provided on an USB stick.
3. Press key "^", then 2nd horizontal softkey, then 2nd vertical softkey to get to extended
"startup menu".
4. Plug in the USB drive with the provided .tgz file at the front of the 828D control.
The server cannot be found by the client. ● Check whether the IP address of the
What can I do? networking dialog is compatible to those
of the OPC UA dialog.
● If the IP addresses are not compatible,
press "Change" in the OPC UA setup
dialog. The new addresses will be directly
transferred into the setup dialog.
● Confirm with "Ok" and restart the
SINUMERIK.
The connection the server should function
properly now.
The OPC UA server status shows OK but the ● Reboot the control in order to activate all
client is not able to connect. What can I do? necessary firewall settings (e.g.: port
number changed).
OPC UA client cannot con‐ ● Certificate user is created Please check date and time of the target sys‐
nect as certificate user tem. In case the target system time is not
● Certificate for certificate user is trusted
within the period of validity (valid from – valid
● OPC UA client cannot connect as to) of the client certificate, the connection gets
certificate user refused (BadIdentityTokenRejected).
File Sysytem
How to use "Delete" method? ● The "Delete" method is used to delete a file/directory. The
OPC UA server will not allow to delete the file if the file is
opened for the file operation. You must close the file
handle to delete the file. In case of directory, all the file
and directory objects below the directory to delete are
deleted recursively.
● A file which is selected for execution or a folder which
contains the selected file are not allowed to be moved.
However if the file is moved there is a possibility that an
empty file will be created.
How to use "MoveOrCopy " method? ● The "MoveOrCopy" method is used to move or copy a file/
directory to another directory or to rename a file/directory.
● The OPC UA server can move any file or folder without
extension in the USB drive, network share, and local drive
but not in the NC memory. In the NC memory, a folder with
the extension "DIR" can only be allowed to be moved to
the NC memory.
● The OPC UA server will not allow to move the folder if the
file is opened for the file operation.
● A file which is selected for execution or a folder which
contains the selected file, are not allowed to be moved.
However if the file is moved there is a possibility that an
empty file will be created.
How to use "Open " method? When a client opens a file, it gets a file handle that is valid
while the session is open. Clients shall use the "Close" meth‐
od to release the handle when they do not need access to the
file anymore. Clients can open the same file several times for
read.
How to use "Read " method? The "Read" method is used to read a part of the file starting
from the current file position. The file position is advanced by
the number of bytes read. The data contains the returned data
Technical Support
Country-specific telephone numbers for technical support are provided in the Internet at the
following address (https://support.industry.siemens.com/cs/sc/2090/) in the "Contact" area.
A D
Accessibility, 11 Data types, 52
AddCertificateUser, 42 Delete
Address space, 48 method, 77
GUD, 48 DeleteCuttingEdge, 93
machine data, 48 Method Result Codes, 93
PLC blocks, 48 Parameters, 93
setting data, 48 Status code, 93
AddUser, 42 DeleteTool, 90
Alarms Method Result Codes, 90
CnCAlarmType, 64 Parameters, 90
Event types, 63 Status code, 90
sequence, 62 DeleteUser, 42
subscribe, 61 DeleteUserAccess, 43
unsubscribe, 62 Deleting
Application scenario, 11 rejected certificates, 34
trusted certificates, 32
development kit, 9
B
Browsing, 48
E
Encryption, 10
C Exporting
server certificates, 30
ChangeMyPassword, 42
Checking the time, 21
Client, 9
Close
F
method, 78 File access rights, 75
CopyFileFromServer Functionalities, 10
method, 83
CopyFileToServer
method, 83 G
Create tool, 89
GetMyAccessRights, 43
Method Result Codes, 89
GetPosition
Parameters, 89
method, 78
Status code, 89
GetUserAccessRights, 43
CreateCutting Edge, 92
GetUserList, 42
Method Result Codes, 92
GiveUserAccess, 45
Parameters, 92
Status code, 92
CreateDirectory
method, 77
I
CreateFile Importing
method, 77 trusted certificates, 32
Industry 4.0, 9
L P
Language identifier, 69 PCU / IPC, 11
License, 20 Publish interval, 59
LocalizedText, 68 Publishing intervals, 107
M R
Max. lifetime interval (LifeTime Count), 107 Read
Max. monitored items queue size (Subscription method, 78
Queue size), 107 Rejected certificates
Max. number of users, 107 deleting, 34
Maximum samples / second, 107 trusting, 34
Method Renewing
Close, 78 Server certificates, 29
CopyFileFromServer, 83
CopyFileToServer, 83
CreateDirectory, 77 S
CreateFile, 77
Sampling interval, 59
Delete, 77
Sampling intervals, 107
GetPosition, 78
Security settings, 10
MoveOrCopy, 77
Select
OpenCount, 78
Status code, 86
Read, 78
Server certificates
SetPosition, 78
exporting, 30
Size, 78
renewing, 29
UserWritable, 78
Session timeout, 107
Writable, 78
SetPosition
Write, 78
method, 78
Min. publishing interval, 107
SINUMERIK
Min. sampling interval, 107
supported languages, 69
Monitored items, 59
SINUMERIK 828D, 11
MoveOrCopy
SINUMERIK 840D sl, 11
method, 77
SINUMERIK OPC UA server, 9
SINUMERIK systems, 11
Size
N method, 78
Number of sessions, 107 Supported Languages
Number of subscriptions, 107 SINUMERIK, 69
O T
OPC UA standard, 9 Thin Client, 11
Open Trusted certificates
method, 78 deleting, 32
OpenCount importing, 32
method, 78 Trusting
rejected certificates, 34
U
UaExpert client, 71
User administration, 10
UserWritable
method, 78
V
Variable paths, 50
W
Writable
method, 78
Write
method, 78